An Investigation of the Factors that Influence the Compliance to Information Security Policy: From Risk Compensation Theory

정보보안 정책 준수에 영향을 미치는 요인: 위험보상이론 관점에서

  • Yim, Myung-Seong (Dept. of Business Administration, Sahmyook University) ;
  • Han, Kun Hee (Dept. of Information & Communication, Baekseok University)
  • 임명성 (삼육대학교 경영학과) ;
  • 한군희 (백석대학교 정보통신학부)
  • Received : 2013.08.14
  • Accepted : 2013.10.20
  • Published : 2013.10.28


Information security has been a major concern in organizations. The longstanding question of how to improve employees security behaviors and reduce human errors remains unanswered and requires further exploration in the information security domain. To do this, we propose a risk compensation theory-based model and examine the model. Research results shows that the relationships between information security countermeasures and information security compliance intention of employees are moderated by system vulnerability. However, the finding is contrary to the previously held risk compensation assumption and deserve further study. In addition, system quality does not play a moderator role in the relationship. Conclusions and implications are discussed.


Information Security;Security Policy;Risk Compensation Theory;Moderating Effect